Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
294
Views
1
Helpful
2
Replies

Found CVE-2018-0101 on ASA 9.12.4.67 which is released 2024

Go to solution
Loc120287
Level 1
Level 1

‎06-07-2024 09:14 AM

Hi,

My security team ran a monthly VULNERABILITY scan and found CVE-2018-0101 on our ASA. 

We upgrade our  ASA quite often. By the time it was scanned, It had the latest version of ASA OS which is  9.12.4.67

I checked the link for the bug.  Our ASA is not in the effected OS of the bug.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1

Is it safe to say it is a false positve here?

Thanks

Loc

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Sheraz.Salim
VIP
VIP

‎06-08-2024 01:42 PM

You're right, there appears to be a discrepancy.

CVE-2018-0101 Details: This CVE refers to a critical vulnerability in Cisco ASA's SSL VPN functionality identified in 2018. It allowed attackers to remotely execute code or reload the device.

Cisco ASA 9.12.4.67: This version was released in 2024, after the initial discovery and patching of CVE-2018-0101.

Cisco Security Advisory: The link you provided confirms that the vulnerable versions were patched in 2018.

Considering these points, it's highly likely that this is a false positive.

Here's what you can do next:

Double-check the scanner report: Look for details about the specific vulnerability detected. It might be a variant or a different issue with a similar CVE ID.
Contact Cisco Support: Explain the situation and provide details about your ASA version and the scanner report. They can definitively confirm if it's a false positive.
Consider alternative scanners: If you frequently encounter false positives with your current scanner, explore other vulnerability scanning tools.

In short summary, there's strong evidence suggesting a false positive. However, it's always best to confirm with Cisco or seek a second opinion from another scanner for peace of mind.

please do not forget to rate.

View solution in original post

2 Replies 2

Go to solution
ccieexpert
Level 1
Level 1

‎06-08-2024 12:35 PM - edited ‎06-08-2024 07:54 PM

hi most likely a false positive . but to be on the safe side.. ask your security team to provide details and maybe even the contact the vendor that makes the scanner to ask them why its triggering.. once you have the details, you can then contact PSIRT (Cisco Product Security Incident Response Team) PSIRT link  and give them  the details you found and what shows in the scan.. and they will get back to you.. I suggest first contacting the vendor of the scanning tool or atleast get full details of the scan, so that PSIRT has all the details.

 

 

0 Helpful

Go to solution
Sheraz.Salim
VIP
VIP

‎06-08-2024 01:42 PM

You're right, there appears to be a discrepancy.

CVE-2018-0101 Details: This CVE refers to a critical vulnerability in Cisco ASA's SSL VPN functionality identified in 2018. It allowed attackers to remotely execute code or reload the device.

Cisco ASA 9.12.4.67: This version was released in 2024, after the initial discovery and patching of CVE-2018-0101.

Cisco Security Advisory: The link you provided confirms that the vulnerable versions were patched in 2018.

Considering these points, it's highly likely that this is a false positive.

Here's what you can do next:

Double-check the scanner report: Look for details about the specific vulnerability detected. It might be a variant or a different issue with a similar CVE ID.
Contact Cisco Support: Explain the situation and provide details about your ASA version and the scanner report. They can definitively confirm if it's a false positive.
Consider alternative scanners: If you frequently encounter false positives with your current scanner, explore other vulnerability scanning tools.

In short summary, there's strong evidence suggesting a false positive. However, it's always best to confirm with Cisco or seek a second opinion from another scanner for peace of mind.

please do not forget to rate.
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card